
The problem is that many of these other defensive appliances are rarely monitored. That is a sad but true statement in many cases. Furthermore, even when these appliances are monitored there is a strong possibility that the person who is reading the output does not have the requisite training, or knowledge, to understand the information they are seeing. In some cases, large networks receive hundreds of thousands of alerts every day.

The problem of an intrusion detection system going unmonitored or misinterpreted is, unfortunately, an all too common one. Too many corporations invest in the technology yet do not invest in the human side of the equation to manage and monitor the equipment.

Don't SYN us.... We'll SYN you..... "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

We've seen that phenomenon before when PC-XTs were new in the market. Companies buy computers and then announce that they are "now computerized" even when they really don't have the full grasp of the potential utilities a computer system would have to their business needs.

So, we see the same "fire and forget" mindset when it comes to security. If I understand the various threads here in AO alone: just because you have a firewall, it does not follow that you're safe.

If a company dares invest in the hardware and software, why not include the investment in the "wet-ware"?

the firewall's operation can be circumvented by inserting a malicious Trojan into the network stack itself.

One of the very first text files I read, having found AO, was how to bypass Zone Alarm. A rather scathing attack on ZA also. (That was 3 years ago.) The above quote is a paraphrase from that text. Or I should say looks like it is.

Amazing what sticks in the mind.

Though our attacker now has system level access to the server, it is far stealthier to communicate to it via the LSP Trojan to decrease the chance of detection at any point in the future.

At this point is not the trojan the only method our attacker has to access the server?????????

What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

I agree with you here. I have no problem with a properly implemented software firewall solution. The only properly implemented software firewall being one placed behind a hardware firewall. A software firewall is only as secure as the operating system that it is running on, and is not an acceptable amount of security for a corporate network.

It is an interesting read though, thanks.

"Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous